How to Improve Security of Your WordPress-Based Website - Are you 100% sure that your website is secure? If so then this tip is not for you. But if you still feel not 100% sure and use WordPress as a CMS, presumably you need to read this article until it runs out.
WordPress is a fairly popular platform today, with a variety of ease of wordpress widely used to create a website, whether it's just to create a personal blog, as well as a professional website.
And as we know that wordpress is a kind of open source where anyone can download the source code from http://wordpress.org and do ekxperimen, looking for new vulnerabilities in each version issued. Well, if we are one of wordpress users, then it is important for us to improve the security on the website that we create. Here are some tips to improve the security of cms wordpress
1. Always Update WordPress to Latest Minor Version
WordPress is one of the fairly regular CMS updated. The update is briefly divided into 2, namely:
- Major Update
- Minor Update
While minor updates are like version 4.3.1. As easily guessed, the number 1 is a minor update marker of 4.3.0 or 4.3 versions. Minor updates are often patches of security patches. While major updates usually also include the addition of new features.
Because in the major update version there is often a significant new feature, it is important to consider not to rush to major version. Because for security matters, usually in addition to major version out, also available minor update version and this is enough, while ensuring the major version is safe to use.
2. Always Update Theme and Plugins
After WordPress, the next thing is to make sure that the theme you are using along with the support plugins has been using the latest version. If the theme you are using you have modified the update process becomes manual (file per file).
For info, modifying themes created by others is not recommended. If you are interested in some parts of the theme, you should modify it by using the child theme. Then update the WordPress themes & plugins, but Before you update your themes and plugins to the latest version, you are strongly encouraged to do the following:
- Make backup database and theme files & plugins to be updated
- If using hosting on a local server, do the update process at night
3. Make Backups Periodically
Making regular backups for your entire website is mandatory. If you are using hosting with cPanel, you can use the full backup facility owned by cPanel.
In some cPanel hosting there is also an add with other backup features such as R1 Soft Backup. You can also use it.
If you install WordPress using Softaculous Installer that is in many cPanel hosting, usually also have auto backup feature and auto update.
In addition to the above mentioned backup features, you can also create automatic or manual backups by using WordPress plugin. I myself, usually use the UpdraftPlus plugin (free version). One thing I love (though the free version) of UpdraftPlus is the ability to create backups and put them in Google Drive.
By using UpDraft we can also choose what to back up, whether limited to plugins, databases or as a whole. Of course in addition to UpdraftPlus I mentioned there are other backup plugins that have similar capabilities.
Please try one by one but before make sure you have made backup your website database first. Just in case if the plugin you tried is not compatible. To find WordPress plugins for backup, you can always search for them in the WordPress Plugin repository or do a search on Google by reading the many reviews that are scattered on the internet.
4. Avoid Username Usage "admin"
Any CMS user should avoid using username 'admin'. Especially if the username is a default in the installation process. 'Admin' and some other popular username is used including one of the targets that tried to be broken by ignorant hands.
If it is already and just realized it after reading this paper, you do not need to worry too much. Please log into your WordPress admin area, then create a new username with a unique name with the 'administrator' capability.
If so, logout from your username now and log in as the new user. Then delete the existing 'admin' username. Delegate all 'admin' content to the new username you are logged in to.
5. Limit Login Process Error
The 5th tip to improve the security of WordPress-based websites is to limit the number of login errors that may be made. Both limit to experiments on certain usernames, as well as limit experiments performed by certain IP addresses.
How to? Using WordPress plugins like "Limit Login Attempt". Please do a search on the WordPress plugin repo using the keyword "Limit Login Attempt" and the like, you will find lots of docba alternatives.
Do not forget to create a backup before trying to install a new plugin. One of the things I use is this plugin. Old is not updated by the creator but this one plugin is still 100% compatible with the latest version of WordPress.
6. Enter your website into Google Search Console
Google Search Console, formerly known as Google Webmaster Tools will send you notifications whenever your website is suspected of crashing.
While in the context of improving security using Google Search Console does not provide any upgrades, but the notifications provided can make you more responsive to the bad things that happen.
7. Using WordPress Managed Hosting
Although I never use it myself, but for certain people who want more serious and do not want to mess around with hosting affairs (maintenance and security) can also use hosting which is usually named WordPress Managed Hosting.
Briefly by using this service, any technical affairs around WordPress are the responsibility of the hosting provider.
The price of course becomes more expensive when compared to the model of 'apple vs apple'. But if the performance of the website and the certainty of 'complicated' you enter as a factor, presumably the price offered becomes very rational.
For more detailed description of managed WordPress hosting services, please visit each of the following provider websites:
- WP Engine
- Synthesis Hosting
- Others follow
Similarly Tips Improve Your Website Security that I can share for you. I will attempt to periodically update this article to ensure it is always relevant from time to time. Hopefully this article can be useful for us.
Provide comments relevant to the posted articles and provide critiques and suggestions for the progress of the blog